Office of Personnel Management and CFPB violating American’s privacy

Congress is angry with the Obama administration because they have done a poor job of protecting privacy.  Members of Congress are especially angry at the fact that federal workers have had their private employment data breached as a result of gross incompetence.  

In early July, the government’s Office of Personnel Management (OPM) admitted that the personal information of 22.1 million Americans was stolen most likely by communist China.  Hackers obtained security clearance applications over 19.7 million people.  OPM Director Katherine Archuleta was forced to resign in disgrace but the damage was done. 

The Hill reported on July 8, 2015 that there are two lawsuits pending against OPM in an effort to protect government workers.  Congress needs to conduct further hearings on this matter and to find ways to change the law to protect the constitutional right of privacy.  Hearings will also help further educate voters who worry that the government is incapable of protecting the very personal information of government employees.

{mosads}Security experts believe the damage that was done to America’s national security was extraordinary.  The former Director of the Central Intelligence Agency (CIA) Michael Hayden said,  “I don’t think there is recovery from what was lost.  It remains a treasure trove of information that is available to the Chinese until the people represented by the information age off. There’s no fixing it.”

The American people discovered the breach, in part, because of congressional oversight.  OPM is part of the ordinary appropriations process and gives lawmakers the opportunity to examine, approve and disapprove of the actions of the agency.  

But there is another agency of government that is not subject to congressional scrutiny that is causing more privacy heartburn with the general public.

The Consumer Financial Protection Bureau (CFPB) was created a little over five years ago by Dodd-Frank banking reform legislation.  The bureau was designed specifically to be isolated from Congress.  Its actions are not subjection to limitations by the appropriations process, because the Federal Reserve, not Congress, funds the agency.  Congress can do little to stop the rules, regulations and hair-brain schemes that come from the bureau. 

One of those hair-brained schemes is the building of a massive database of information on the financial transactions of every American.  Credit card purchases, loans, and even mortgage transactions are part of a massive data-mining scheme.  The information contained in the database is massive.   There are nearly 1 billion credit cards issued in the U.S. and 53 million residential mortgages have been taken out since 1998 subject to this data-mining program.

And guess what — the information is not secure.  A 2014 study by the Government Accountability Office (GAO) confirmed that the CFPB collected financial data on up to 600 million consumer credit card accounts, without sufficient security and privacy protections.  Now, the Inspector General of the Federal Reserve says that the data security protection of that information is still not secure and open to vulnerabilities, like the OPM files. 

While they acknowledged that steps were being taken to protect the data, the IG “identified several control deficiencies related to configuration management, access control, and audit logging and review. Specifically, we identified improvements that are needed in the timely installation of database-level patches, the enforcement of password expiration and user access requirements, and the logging and review of security events. Our report includes seven recommendations to strengthen controls for the DT Complaint Database in these areas.”  In other words, the financial information of most Americans is vulnerable due to a privacy violating campaign that was not necessary or needed to begin with.

On simple solution would be to abolish the CFPB and start over as was suggested by Sen. Ted Cruz (R-Texas).   Another solution would be to put the CFPB under the appropriations process so that Congress, and ultimately the people, would have oversight hearings to monitor this powerful government regulatory bureau. 

Whether it is the OPM or CFPB, government needs to do a better job of protecting privacy.  At a minimum, Congress needs to conduct comprehensive oversight hearings to make sure that the constitutional right to privacy of all Americans is being protected.

Langer is president of the Institute for Liberty, a conservative public policy advocacy organization.